From: "Alexander S. Volchenkov"
To: Peter Pentchev
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Chrooted SSH2 problem
Date: Tue, 6 Nov 2001 10:21:40 +0300

Hello, Peter!

> > I've just installed ssh2 and am trying to implement its chroot feature.
> > I have a problem with user login.
> >
> > User "dummy" is in the "chrooted" group. His home directory:
> > /home/chrooted/dummy contains a bin subdirectory with a mirror of /bin.
> > User's shell is /bin/sh. Command: chroot /home/chrooted/dummy works fine.
> >
> > From /etc/sshd2_conf:
> > -------------------------------------------
> > AllowGroups chrooted
> > ChRootGroups chrooted
> > -------------------------------------------

-------------- SKIP -----------------

> On the server, stop any sshd's running, then run an 'sshd -d' and
> watch its output.

The output of sshd2 -d1:

gate# ssh2 -l dummy gate
dummy@gate's password:
Authentication successful.
sshd2[1296]: /etc/spwd.db: No such file or directory
debug: ssh_user_become: getpwnam: Bad file descriptor
debug: Switching to user 'dummy' failed!
Connection to gate closed.

Does it mean I must provide an /etc/spwd.db file in the user home directory?
In this case, how can I create this file for single-user usage?

Thanks,
Alexander S. Volchenkov (mailto:volax@uh.ru)